However, I’m always surprised at how frequently SharePoint security is an afterthought. Companies go to great lengths to protect servers running Windows, IIS and SQL Server, yet SharePoint controls are often overlooked.

Enterprises often see SharePoint as not quite a server and not quite a Web application. This view is the heart of the problem. Not only is SharePoint a public/private Web system, but it is an entire collection of systems that contains an abundance of sensitive information. And most of these systems can be accessed and exploited from inside your own network.

SharePoint has plenty of built-in security controls, but that doesn’t mean it is inherently secure. Below I’ve listed the top security issues facing SharePoint deployments:

1. Failure to take internal security policies and plans into account

I see lots of configuration and administration inconsistencies in SharePoint. And having a development team manage SharePoint systems -- which so many do -- can create accountability problems. Be sure you always have the answers to the following:

2. Failure to test the Web side of the system

It’s easy to use a generic vulnerability scanner to scan the IP address of a SharePoint server -- and many do. However, many overlook the Web side of the equation.

SharePoint environments have the same application vulnerabilities as traditional websites and applications. Don’t be scared to dig a little deeper to find everything that matters. This is especially important with SharePoint because there is so much custom code.

3. Failure to properly maintain patches

Numerous server-side vulnerabilities have been uncovered in SharePoint. In fact, a simple search that uses the QualysGuard vulnerability scanner database reveals a couple of dozen vulnerability checks that apply directly to SharePoint.

Consider Windows, SQL Server and IIS-based flaws that can be exploited as well. All it takes is a bored or unruly insider with a free vulnerability scanner and the free Metasploit tool to find and exploit missing patches and effectively “own” your system. Adding insult to injury, odds are that you’ll never know the exploit happened.

4. Failure to account for the mobile workforce

It’s one thing to have SharePoint data locked down in the data center or in the cloud, but once you bring iOS, Android and Windows Mobile systems into the equation, you’ve got an entirely new set of issues.

Chances are your users access SharePoint remotely. But just how secure are their mobile devices? Do they have password protection or encryption set up? How is their data being backed up? Are they properly protected from malware?
